I've always used my Ubuntu desktop behind the security of a router with NAT, but there have been a few times when I've had to plug it directly into an active cable modem.

In general, what precautions should I be taking in situations when my computer is exposed to the internet like this for extended periods of time? Specifics that immediately come to mind are:

Are there any default network services I might want to disable?

Is there a need to modify the default firewall configuration?

Should I be concerned about services using password authentication?

What kind of logging can I do to be notified of unauthorized access?

I realize that questions like this are just the tip of the iceberg of expansive topics that entire professions are based upon, so let me make clear: What I'm looking for are a few straightforward recommendations of best practices or configuration changes that a desktop user would find useful in a default Ubuntu installation.

The 127.0.0.1 entries are harmless, because those programs only listen on the local network interface.

sshd is an example of a service that listens on all available interfaces (0.0.0.0, i.e. including the one the cable internet modem is connected to) - but usually you have good passwords or disable password authentication and only use public-key.

Anyways, IIRC sshd is not installed by default.

The last two interfaces regard IPv6. ::1 is the address of the loopback device (like 127.0.0.1 in IPv4), thus safe. ::: is the IPv6 all network interface wildcard analog to 0.0.0.0 (IPv4).
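
The distinction drawn in the answer above (loopback-only listeners versus listeners on all interfaces), as an added example that is not part of the original answer: a shell function that labels each listening socket by its bind address. It assumes the column layout of `netstat -tln`; the function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: label listening TCP sockets by the address they are bound to.
# Assumes `netstat -tln` columns: Proto Recv-Q Send-Q Local Foreign State.

classify_listeners() {
    awk '
    $6 == "LISTEN" {
        # Split "addr:port" at the last colon so IPv6 addresses stay intact.
        n = match($4, /:[0-9]+$/)
        if (n == 0) next
        addr = substr($4, 1, n - 1)
        port = substr($4, n + 1)
        if (addr ~ /^127\./ || addr == "::1")
            verdict = "loopback-only"      # unreachable from other hosts
        else if (addr == "0.0.0.0" || addr == "::")
            verdict = "ALL-INTERFACES"     # reachable on the modem-facing link
        else
            verdict = "specific-address"   # bound to one configured address
        print verdict, $1, addr, port
    }'
}

# Ports that are reachable from outside, one per line, de-duplicated.
exposed_ports() {
    classify_listeners | awk '$1 == "ALL-INTERFACES" { print $4 }' | sort -un
}

# Constructed sample input (not captured from a real machine).
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN'

printf '%s\n' "$SAMPLE" | classify_listeners
# On a live system: netstat -tln | classify_listeners
```

Anything reported as ALL-INTERFACES is what a directly connected modem link can reach, so those are the services to disable, rebind, or firewall.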

iptables is the firewall that is installed, by default, in Ubuntu. There is a HowTo here. If you are not command line fluent then you may find Firestarter a useful addition as it adds a GUI on top of iptables.

Don't you hate it when people downvote without explaining why - I've got broad shoulders and can take criticism if I've got something wrong if only people had the decency to tell me; that way we all learn something.
– DilbertDave, Feb 13 '12 at 17:16

Are you sure your Ubuntu desktop is exposed directly to the internet? Usually there is a router in between, which already acts as a firewall.

Otherwise you can install Firestarter, if you are paranoid about what services you run yourself.

In general though, it's not needed. What is needed however, is that you make sure you install security updates in a timely fashion.

By default samba and avahi don't expose themselves to anything but local IPs.
Avahi runs by default; samba is something you install manually (when you choose to 'share' a folder, the install dialog for samba pops up).

Other than that, no incoming connections are accepted by default on an Ubuntu install.

A firewall shouldn't be necessary for most people, because you shouldn't be running things that listen on a workstation anyway. However, it's never a bad thing to run a simple iptables setup with a default deny all policy. You just have to remember to allow connections if you ever start doing anything more creative (SSH is the first good example of this).

However, maxschlepzig also brings up another important point. It's not just what people try to do to you, but also what you do to yourself. Unsafe web browsing is probably the greatest risk to the average desktop user, with unsafe email and "thumbdrive" use being close behind.

If Firefox is your default browser, I recommend plugins such as Adblock Plus, FlashBlock, NoScript, and BetterPrivacy. Similar tools exist for Chrome as well. I include adblocking as a protection because I've seen ads on legitimate sites that were really malware loaders, so I recommend using an ad blocker unless you have a reason not to for a specific site. NoScript also helps a lot, by preventing JavaScript from running unless you allow it.

For email, the obvious recommendation to not open unknown or unexpected attached files without inspection is still a good recommendation. I'd also see what you can turn off. Some clients let you disable JavaScript in inbound HTML email, or disable the HTML part of a message entirely. Plain text may not be as pretty, but it's a lot harder to sneak in a bit of malware, too.
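
The default-deny iptables setup suggested in the answer above, as an added example (not the answerer's own configuration): a shell function that prints an IPv4 ruleset in `iptables-restore` format and opens only the TCP ports named as arguments. The function name `gen_ruleset` is hypothetical.

```shell
#!/bin/sh
# Added example: build an IPv4 ruleset in iptables-restore format with a
# default-deny INPUT policy. Arguments are the inbound TCP ports to allow.

gen_ruleset() {
    # Validate every port before emitting anything, so a bad argument
    # never yields a partial ruleset.
    for port in "$@"; do
        case $port in
            ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'        # default deny for inbound traffic
    echo ':FORWARD DROP [0:0]'      # a desktop does not route for others
    echo ':OUTPUT ACCEPT [0:0]'     # outbound connections stay unrestricted
    echo '-A INPUT -i lo -j ACCEPT' # local programs talking over loopback
    # Replies to connections this machine opened itself.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# No arguments: nothing inbound is accepted. With 22: SSH is allowed as well.
gen_ruleset 22
# To load it (needs root): gen_ruleset 22 | sudo iptables-restore
# IPv6 is filtered separately by ip6tables and needs its own ruleset.
```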

You're safe! A clean Ubuntu install comes with no network services available to other systems. So there is no risk.

Nevertheless, while using Ubuntu, you might install applications that will offer services to other systems on a network: e.g. file or printer sharing.

As long as you stay inside your home or work environment (which are usually both behind a router or firewall), you can consider your computer safe, especially if you keep it up-to-date with the latest security fixes: see System->Administration->Update Manager.

Only if you are directly connected to the internet or on a public WiFi (like in a coffee bar or hotel room) and if you use network services like sharing files/folders then you could be exposed. Though again, the package responsible for Windows File Sharing (named samba) is often kept up to date with security fixes. So you should not worry too much.

So if you feel it's risky or if you're in a risky environment, try installing a firewall. ufw has been suggested, but it is command line, and there is a nice graphical interface to configure it directly. Look for the package named Firewall Configuration or gufw in the Ubuntu Software Centre.

The application is located (once installed) in System->Administration->Firewall Configuration.

You can activate it when you're on a public WiFi or other kind of direct/untrusted connections. To activate the firewall, select "Enable" on the main window. Deselect it to deactivate the firewall. It's that easy.

PS: I don't know how to find the 'apt' link, so that's why I don't put them...

AppArmor allows you to control every application that has access to the Internet. With this tool you can control which files and directories are accessed by this application, and which POSIX 1003.1e capabilities it has. This is very, very powerful.

Many applications can be profiled easily by installing the apparmor-profiles package from the repositories.